1. Field of the Invention
The present invention relates to a semiconductor device including a non-volatile storage unit and, more specifically, to a semiconductor device with data confidentiality protecting function.
2. Description of the Background Art
Conventionally, microcomputers used for various purposes generally include a non-volatile storage unit (hereinafter also referred to as a non-volatile memory) such as a flash memory or an EEPROM (Electrically Erasable and Programmable Read Only Memory). When data is once written, a non-volatile memory retains the data even when the power is turned off, and it allows free rewriting of data. Therefore, a microcomputer embedded in a product with a program stored in a non-volatile memory advantageously allows a so-called updating, including program modification or addition of a new function.
When a user of a microcomputer including the non-volatile memory (hereinafter also referred to as an end user) as such should rewrite the program stored therein, operation failure or human suffering might possibly occur. There is also a concern that a competitor may unrighteously read the contents of the program. In order to prevent reading or rewriting (hereinafter also referred to as an access) by the end user, it has been a general practice to add a confidentiality protecting function (hereinafter also refereed to as “protection”) to a microcomputer.
The protecting function is realized, by way of example, by arranging, in addition to a data area, a protection information area for setting protection for the data area in the non-volatile memory, and prohibiting access by a hardware circuit in accordance with a protection setting stored in the protection information area. Japanese Patent Laying-Open No. 11-120781 discloses a semiconductor memory device that allows flexible setting of write protection state by the unit of a block group of a memory array.
When a protected program is to be updated, the protection setting must be cancelled prior to rewriting of the program. Therefore, addition of a protection function inherently involves a protection canceling function.
The protection canceling function may be implemented by an arrangement in which a specific signal is applied from an external device connected to the microcomputer to cancel protection, or an arrangement in which protection is cancelled only when an input ID (password) matches a specific ID. Presence of such an arrangement itself, however, may be a security hole. Specifically, if an ill-intentioned third party should scrutinize the microcomputer and find the specific signal or the specific ID, the protection function would be lost.
In view of the foregoing, an arrangement in which protected data is erased before canceling protection has been proposed.
Japanese Patent Laying-Open No. 2001-014871 discloses a non-volatile semiconductor memory device in which, when cancellation of protection setting is instructed, all the stored data are erased, neglecting protection setting. Japanese Patent Laying-Open No. 2003-203012 discloses a microcomputer device that allows access to a non-volatile memory only after the data in the non-volatile memory has been erased.
Further, generally, a non-volatile memory is divided into a plurality of blocks, and data is read and written block by block. Therefore, Japanese Patent Laying-Open No. 2003-203012 discloses an arrangement in which protection is set block by block.
Microcomputers come to have higher performances recently, and programs for operating the microcomputers come to be larger and more complicated accordingly. Therefore, programmers come to use library software prepared for specific functions in advance, which is read (by sub-routine call) in a program, to improve efficiency of programming, rather than forming a program from scratch. Such library software is often provided by a so-called IP (Intellectual Property) vender, other than the manufacturer of the microcomputer.
In the arrangement disclosed in Japanese Patent Laying-Open No. 2001-014871, every memory is erased when the protection is to be cancelled. Therefore, when the capacity of a stored program is small as compared with the capacity of data area, the time required for erasure becomes relatively long, lowering the process speed of the microcomputer. In the arrangement disclosed in Japanese Patent Laying-Open No. 2003-203012, protection setting is done block by block, and therefore, when the program to be protected is stored over a plurality of blocks, it is necessary to set protection on every one of the plurality of blocks in which the program is stored. Such a process is so complicated as to cause data leakage because of erroneous setting of protection.
For an IP vendor, that library software is fetched and executed in a program is a common use and poses no problem. If the contents of library software itself (instruction codes) were read, however, unauthorized copying by a third party would be possible, which makes recovery of development expenditure difficult, or know-how would be leaked. Therefore, protection setting becomes necessary, to prevent reading of the contents of library software itself, by a programmer or an end user.
By the conventional protection function, access to the protected data is prohibited uniformly, no matter whether it is a reading while programming (sub-routine call) or not. Therefore, when the protection is set, use of library software becomes impossible, causing a dilemma.